<?php
/*占位符形式二：采用“ ? ”*/
/*防止SQL语句注入*/

header('content-type:text/html; charset=utf-8');
$username = $_POST['username'];
$password = $_POST['password'];

try{
	$pdo = new PDO('mysql:host=localhost; dbname=exercise', 'root', 'root');
	$sql = "select * from user where username=? and password=?";
	$stmt = $pdo->prepare($sql);
	$stmt->execute(array($username, $password));
	echo $stmt->rowCount();
}catch(PDEOxception $e) {
	echo $e->getMessage();
} 
?>